VYPR

Crud File Server Node Module

by Hackerone

CVEs (18)

  • CVE-2017-16035 | High | Jun 4, 2018
    risk 0.53 | cvss 8.1 | epss 0.01

    The hubl-server module is a wrapper for the HubL Development Server. During installation hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are downloaded over HTTPS however the api.hubapi.com endpoint redirects to a HTTP…

  • CVE-2018-3724 | High | Jun 7, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path.

  • CVE-2017-16210 | High | Jun 7, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    jn_jj_server is a static file server. jn_jj_server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16191 | High | Jun 7, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    cypserver is a static file server. cypserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16182 | High | Jun 7, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    serverxxx is a static file server. serverxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16180 | High | Jun 7, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    serverabc is a static file server. serverabc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16147 | High | Jun 7, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    shit-server is a file server. shit-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16135 | High | Jun 7, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    serverzyy is a static file server. serverzyy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16124 | High | Jun 7, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    node-server-forfront is a simple static file server. node-server-forfront is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16105 | High | Jun 7, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    serverwzl is a simple http server. serverwzl is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

  • CVE-2017-16101 | High | Jun 7, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    serverwg is a simple http server. serverwg is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

  • CVE-2017-16090 | High | Jun 7, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    fsk-server is a simple http server. fsk-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16089 | High | Jun 7, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    serverlyr is a simple http server. serverlyr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

  • CVE-2017-16055 | High | Jun 4, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    `sqlserver` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2014-10066 | High | May 31, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory.

  • CVE-2018-3733 | High | May 29, 2018
    risk 0.42 | cvss 7.5 | epss 0.02

    crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path.

  • CVE-2018-3726 | Medium | Jun 7, 2018
    risk 0.33 | cvss 6.1 | epss 0.01

    crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability due to a lack of validation of file names.

  • CVE-2017-16038 | High | Jun 4, 2018
    risk 0.00 | cvss 7.5 | epss 0.03

    `f2e-server` 1.12.11 and earlier is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. This is compounded by `f2e-server` requiring elevated privileges to run.